Lucene search
Veracode Vulnerability DatabaseVERACODE:31500HistoryAug 05, 2021 - 5:45 a.m.
Privilege Escalation
2021-08-0505:45:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
55
0.007 Low
EPSS
Percentile
80.2%
tar (node-tar) is vulnerable to privilege escalation. The vulnerability exists due to insufficient absolute path sanitization.
References
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
github.com/advisories/GHSA-3jfq-g458-7qm9
github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4
github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9
www.npmjs.com/advisories/1770
www.npmjs.com/package/tar
www.oracle.com/security-alerts/cpuoct2021.html
Related
ibm
ibm
nodejs
nodejs
githubexploit
githubexploit
Exploit for Path Traversal in Tar Project Tar
2021-08-31 04:32:38
redhatcve
redhatcve
CVE-2021-32804
2021-08-05 11:20:19
ubuntucve
ubuntucve
CVE-2021-32804
2021-08-03 00:00:00
debiancve
debiancve
CVE-2021-32804
2021-08-03 19:15:08
prion
prion
Design/Logic Flaw
2021-08-03 19:15:00
osv
osv
CVE-2021-32804
2021-08-03 19:15:08
Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
cve
cve
CVE-2021-32804
2021-08-03 19:15:08
alpinelinux
alpinelinux
CVE-2021-32804
2021-08-03 19:15:08
cvelist
cvelist
nvd
nvd
CVE-2021-32804
2021-08-03 19:15:08
github
github
GitHub security update: Vulnerabilities in tar and @npmcli/arborist
2021-09-08 16:00:32
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0103)
2022-03-22 00:00:00
openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2022:0657-1)
2022-03-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0531-1)
2022-02-22 00:00:00
mageia
mageia
Updated nodejs-tar packages fix security vulnerability
2022-03-21 23:18:30
nessus
nessus
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2022:0704-1)
2022-03-05 00:00:00
SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:0531-1)
2022-02-22 00:00:00
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2022:0563-1)
2022-02-24 00:00:00
suse
suse
Security update for nodejs8 (important)
2022-03-04 00:00:00
Security update for nodejs14 (important)
2022-03-04 00:00:00
Security update for nodejs12 (important)
2022-03-02 00:00:00
freebsd
freebsd
Node.js -- August 2021 Security Releases (2)
2021-08-31 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 14.17.6-alt1
2021-09-01 00:00:00
nodejsblog
nodejsblog
August 31 2021 Security Releases
2021-08-31 00:00:00
rocky
rocky
nodejs:12 security and bug fix update
2021-09-21 12:33:58
nodejs:14 security and bug fix update
2021-09-27 06:47:35
oraclelinux
oraclelinux
nodejs:14 security and bug fix update
2021-09-27 00:00:00
nodejs:12 security and bug fix update
2021-09-22 00:00:00
redhat
redhat
(RHSA-2021:3666) Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
(RHSA-2021:3623) Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
almalinux
almalinux
Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
ics
ics
Siemens SINEC INS
2022-03-10 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00